General

  • Target

    15b38276f41126099be95a4890a701026de7dc08731930624517842d413632f7

  • Size

    1MB

  • Sample

    220504-17d8lshdhr

  • MD5

    5d2367e76275aa61b153bbe5c34e73e6

  • SHA1

    6e3893ebe0e612bdf7923f83f97d7301f152cfa7

  • SHA256

    15b38276f41126099be95a4890a701026de7dc08731930624517842d413632f7

  • SHA512

    c7b418d04c7b555af5bdbd66cdaea8d74a997b0a9e9dc662459ad6baf8b6ae3f1726c45c7b91b6f80c611c1d8f6e78b3e0c3d77f6a8325cc7e913862b16aa6f9

Malware Config

Extracted

Family

redline

Botnet

install

C2

78.47.98.158:35823

Attributes

auth_value (the authorization string the bot presents to the C2 when it checks in)

8eea77189c08cded7fd621fc5ec89caf
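
The extracted configuration above is the part of this report a responder can act on directly. The following is an added example, not part of the sandbox report: it copies the report's four hashes and the C2 endpoint into Python and uses them in two checks, a file-hash comparison and a scan of connection records for contact with the C2. The file bytes and the tab-separated log lines (laid out like a Zeek conn.log, with the field order assumed) are constructed for the demonstration.

```python
"""Match the report's indicators against local files and connection logs.

Added example, not part of the sandbox report. The hash values and the
C2 endpoint are copied from the report; the file bytes and the log lines
below are constructed for the demonstration.
"""
import hashlib
from typing import Dict, List, Tuple

# Indicators copied from the report (Triage sample 220504-17d8lshdhr).
REPORT_HASHES: Dict[str, str] = {
    "md5": "5d2367e76275aa61b153bbe5c34e73e6",
    "sha1": "6e3893ebe0e612bdf7923f83f97d7301f152cfa7",
    "sha256": "15b38276f41126099be95a4890a701026de7dc08731930624517842d413632f7",
    "sha512": "c7b418d04c7b555af5bdbd66cdaea8d74a997b0a9e9dc662459ad6baf8b6ae3f"
              "1726c45c7b91b6f80c611c1d8f6e78b3e0c3d77f6a8325cc7e913862b16aa6f9",
}
C2_HOST = "78.47.98.158"
C2_PORT = 35823


def digests(data: bytes) -> Dict[str, str]:
    """All four digests the report lists, so whichever one a tool logs can be compared."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def hash_matches(data: bytes, known: Dict[str, str] = REPORT_HASHES) -> List[str]:
    """Names of the algorithms whose digest of `data` equals the reported value."""
    computed = digests(data)
    return [alg for alg, value in computed.items() if known.get(alg, "").lower() == value]


def find_c2_connections(lines: List[str], host: str = C2_HOST,
                        port: int = C2_PORT) -> List[Tuple[str, str, str]]:
    """Scan tab-separated connection records (assumed layout, Zeek conn.log style:
    ts, uid, src_ip, src_port, dst_ip, dst_port, proto).

    Returns (ts, src_ip, confidence). A destination matching host and port is
    "high"; the same host on another port is "medium", because a host that
    served one RedLine C2 port is still worth reviewing on others.
    """
    hits: List[Tuple[str, str, str]] = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and Zeek-style header/comment lines
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 7:
            continue
        ts, _uid, src_ip, _src_port, dst_ip, dst_port, _proto = fields[:7]
        if dst_ip != host:
            continue
        confidence = "high" if dst_port == str(port) else "medium"
        hits.append((ts, src_ip, confidence))
    return hits


# Constructed records for the demo: one beacon to the reported C2 endpoint,
# one to the same host on another port, and unrelated traffic.
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1651704001.120\tCabc1\t10.0.0.15\t49812\t78.47.98.158\t35823\ttcp",
    "1651704002.500\tCabc2\t10.0.0.15\t49813\t93.184.216.34\t443\ttcp",
    "1651704003.900\tCabc3\t10.0.0.22\t51000\t78.47.98.158\t443\ttcp",
]

if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print("C2 contact:", hit)
    print("hash match on empty file:", hash_matches(b""))
```

Comparing all four digests rather than only SHA-256 is deliberate: EDR, proxy and mail-gateway logs record different algorithms, and a single function that accepts any of them avoids a silent miss when only an MD5 is available.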

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext (thread-context manipulation on another process, the marker typical of process-hollowing / RunPE loaders, which write a payload into a suspended process and redirect its main thread to it)
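
The SetThreadContext signature fires on a single API call, but the call only matters as part of a chain. The following is an added example, not part of the sandbox report: it parses a per-process API trace and reports an injector/victim pair only when the full hollowing sequence (create suspended, write memory, set thread context, resume) is seen in order for that pair, so a lone SetThreadContext (a debugger, a crash handler) does not fire. The trace line format and every line in it are constructed for the demonstration.

```python
"""Flag a process-hollowing call chain in a per-process API trace.

Added example, not part of the sandbox report. The report only shows the
signature name "Suspicious use of SetThreadContext"; the trace line format
and every trace line below are constructed for this demonstration.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

CREATE_SUSPENDED = 0x4  # CreateProcess creation flag


@dataclass
class Call:
    pid: int                 # calling (injector) process
    api: str
    args: Dict[str, object]  # remaining key=value fields, integers decoded


def _decode(value: str):
    if value.startswith("0x"):
        return int(value, 16)
    if value.isdigit():
        return int(value)
    return value


def parse_trace(lines: List[str]) -> List[Call]:
    """Parse lines of the constructed form 'pid=<n> api=<name> key=value ...'."""
    calls: List[Call] = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kv = dict(token.split("=", 1) for token in line.split())
        pid = int(kv.pop("pid"))
        api = kv.pop("api")
        calls.append(Call(pid, api, {k: _decode(v) for k, v in kv.items()}))
    return calls


def detect_hollowing(calls: List[Call]) -> List[Tuple[int, int]]:
    """Return (injector_pid, victim_pid) pairs that complete the chain
    CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext -> ResumeThread.

    Each step is only credited if the previous one was seen for the same pair,
    so SetThreadContext on a process that was never written to does not count.
    """
    stage: Dict[Tuple[int, int], Set[str]] = {}
    hits: List[Tuple[int, int]] = []
    for c in calls:
        victim = c.args.get("target_pid")
        if not isinstance(victim, int):
            continue
        seen = stage.setdefault((c.pid, victim), set())
        flags = c.args.get("flags", 0)
        if c.api.startswith("CreateProcess") and isinstance(flags, int) and flags & CREATE_SUSPENDED:
            seen.add("suspended")
        elif c.api in ("WriteProcessMemory", "NtWriteVirtualMemory") and "suspended" in seen:
            seen.add("written")
        elif c.api in ("SetThreadContext", "NtSetContextThread") and "written" in seen:
            seen.add("context")
        elif c.api in ("ResumeThread", "NtResumeThread") and "context" in seen:
            if (c.pid, victim) not in hits:
                hits.append((c.pid, victim))
    return hits


# Constructed trace: pid 1000 hollows pid 2000; it also calls SetThreadContext
# on pid 3000 without ever writing to it, so 3000 must not be reported.
SAMPLE_TRACE = [
    "pid=1000 api=CreateProcessW target_pid=2000 image=victim.exe flags=0x4",
    "pid=1000 api=NtUnmapViewOfSection target_pid=2000 base=0x400000",
    "pid=1000 api=WriteProcessMemory target_pid=2000 addr=0x400000 size=0x1a000",
    "pid=1000 api=SetThreadContext target_pid=2000 tid=2004",
    "pid=1000 api=ResumeThread target_pid=2000 tid=2004",
    "pid=1000 api=SetThreadContext target_pid=3000 tid=3004",
    "pid=1000 api=ResumeThread target_pid=3000 tid=3004",
]

if __name__ == "__main__":
    print(detect_hollowing(parse_trace(SAMPLE_TRACE)))  # [(1000, 2000)]
```

NtUnmapViewOfSection is parsed but not required by the chain: some loaders skip unmapping and overwrite the image in place, and the detection should not depend on it.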

MITRE ATT&CK Matrix

The matrix lists only its tactic columns: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation.